via wordfence.com => original post link
On October 17, 2022, the Wordfence Threat Intelligence team began monitoring for activity targeting CVE-2022-42889, or “Text4Shell” on our network of 4 million websites. We started seeing activity targeting this vulnerability on October 18, 2022.
Text4Shell is a vulnerability in the Apache Commons Text library versions 1.5 through 1.9 that can be used to achieve remote code execution. While the vulnerability itself is similar to last year’s vulnerability CVE-2021-44228 in Apache’s log4j library, the Apache Commons Text library is far less widely used in an unsafe manner and the likelihood of successful exploitation is significantly lower.
As the vulnerability allows remote code execution, it has a CVSS score of 9.8, indicating critical impact if successfully exploited. The issue was patched in version 1.10.0.